System Care Antivirus

From Jonsdocswiki
Revision as of 07:55, 22 May 2013 by Jonathan (Talk | contribs)

System Care Antivirus (malware) main screen
System Care Antivirus is a fake antivirus program that prevents a user from executing any applications and attempts to force a purchase. The malware pretends to find a number of virus and malware infections on the infected computer but will only remove the "threats" after a purchase is made. This malware was first seen by Jonathan in May 2013.

This malware disables any genuine anti-virus software that is already in place.

Location of infected files

On Windows 7 systems the infected files can be found in C:\ProgramData\<random string of characters>, which contains 3 files:

  • Executable file
  • Icon file
  • Other file

Files may claim to have a creation date of 2002 and each file is named the same as the <random string of characters>.
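A triage sketch for the layout described above, added here as an example and not part of the original wiki page: it lists folders directly under a root (C:\ProgramData by default) whose 2 or 3 files are all named after the folder, allowing for the "other file" that only appears once an Internet connection is present. The `.exe` and `.ico` extensions and the name `find_suspect_dirs` are assumptions; the page does not give file extensions.

```python
import os
import sys
from datetime import datetime, timezone

# Assumed extensions: the page names an "executable file" and an "icon file"
# but does not state their extensions.
EXE_EXT, ICON_EXT = ".exe", ".ico"

def find_suspect_dirs(root):
    """Return [(dir_path, file_names, oldest_creation_year)] for matching folders."""
    hits = []
    try:
        entries = list(os.scandir(root))
    except OSError:
        return hits
    for entry in entries:
        if not entry.is_dir(follow_symlinks=False):
            continue
        try:
            files = [f for f in os.scandir(entry.path) if f.is_file()]
        except OSError:  # unreadable folder: skip it, keep scanning
            continue
        # 2 files before the first Internet contact, 3 once the "other file" appears
        if not 2 <= len(files) <= 3:
            continue
        stems = {os.path.splitext(f.name)[0].lower() for f in files}
        exts = {os.path.splitext(f.name)[1].lower() for f in files}
        # Every file is named the same as the random folder name
        if stems != {entry.name.lower()}:
            continue
        if not {EXE_EXT, ICON_EXT} <= exts:
            continue
        years = []
        for f in files:
            st = f.stat()
            # Creation time on Windows; falls back to ctime elsewhere
            created = getattr(st, "st_birthtime", st.st_ctime)
            years.append(datetime.fromtimestamp(created, timezone.utc).year)
        hits.append((entry.path, sorted(f.name for f in files), min(years)))
    return hits

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else r"C:\ProgramData"
    for path, names, year in find_suspect_dirs(root):
        note = " (creation date claims 2002)" if year == 2002 else ""
        print(f"{path}: {names}{note}")
```

A match is only a lead for manual review; run it from a different user account, as the cleanup steps describe.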

Cleanup

  • Via a different user account, with the infected user logged out, locate and rename the malware files.
  • Download appropriate anti-virus updates / tools and scan your computer.
  • Fix the installed anti-virus.

Analysis

  • The malware will infect a computer but will not start functioning (alerting the user and blocking programs) until an Internet connection is present.
  • The "other file" only appears after an Internet connection has been detected.
  • More to follow